Is Newman Still Supported?

  • Descriptive Title: Is Newman Still supported (as of Sept 2023)?

  • Introduce The Question: The Newman NPM package is currently at v5.3.2, and has not been updated since December 2022. There are several dependency vulnerabilities that keep coming up in my projects that are originating from a Newman Dependency. As of today, the Newman Repo has 186 open issues and 71 open pull requests, many of the top ones looking for dependency updates, whether from dependabot, or a community member.

  • Additional Data: I understand that open source projects are in many ways a gift to the open source community, and I appreciate the work and time that has been put into it, and yes, I know there are ways to resolve indirect dependancies within my own project. But it looks like this integration point is not being supported anymore. And if that is the case, then the community should be made aware. Or if it is still being supported, then at the very least, please resolve any and all security issues with this package.

Thank you for hearing me out.

  • Platform Details: Newman as an NPM dependency.

  • Tags: Newman, dependencies, security, support

1 Like

Hey @dfeeney39 :wave:t2:

Yes, it’s still supported. I know it was updated over a year ago and has a few outdated and flagged (via npm audit) dependencies.

We apologize for not actively maintaining the package in the last few months.
However, I plan to make a major release (v6) sometime this week.

There will be no breaking API changes, but support for Node.js v10 will be dropped due to the tough-cookie vulnerability.

We’ll keep you posted!

2 Likes

That’s great! Thank you so much for all your work on this!

Released Newman v6, refer to the migration guide here.

1 Like

This topic was automatically closed 45 days after the last reply. New replies are no longer allowed.